Microsoft Announces Confidential Compute for Azure

Microsoft Azure latest feature will encrypt your files and keep them entirely secret, even from Microsoft.

This week Microsoft revealed a new feature soon to be implemented in its Azure cloud called “Confidential Compute”. Confidential Compute will allow Azure users to keep their data entirely safe whether it’s in storage, running over a  network, and even when it’s being computed in-memory. By allowing users to encrypt data even when in use, ensures that all files and data can be kept completely safe from hackers, governmental warrants and even from Microsoft themselves.

The new features will operate in two modes. The first is for virtual machines. The second mode uses a specific feature in Intel’s new Skylake-SP Xeon processors called Software Guard Extensions (SGX). However, both modes will operate in a completely trusted execution environment (TEE) by allowing applications to ringfence specific parts of code and data. Any code or data within a TEE is impossible to inspect from outside.

The virtual machine mode relies on a certain Hyper-V functionality found in Windows 10 and Windows Server 201 called Virtual Secure Mode (VSM). By using VSM, the majority of any application is able to run in a regular virtual machine in addition to a regular operating system. The parts of the application being run in the TEE section will be run in a separate virtual machine that consists of only a basic operating system that can successfully communicate with the regular VM. The parts of code in the TEE will be those that need to handle sensitive data.

In the event that any application gets compromised and a hacker gains access to the main VM, any data within the TEE will remain inaccessible. Because Hyper-V keeps the two machines separated, a hacker would have to be able to compromise the Hyper-V first before being able to gain access.

The SGX processor will encrypt and decrypt data itself from memory in such a way that the data is only decrypted in the processor. This allows the processor to carve out TEE using regular processes without having to use any virtual machines whatsoever. This makes Hyper-V security less relevant, as the main trust and security issues rest solely between the SGX processor itself and the application in question. Using this unique method of TEE, no one, not even Microsoft will be able to access the data.

According to Microsoft, they are currently developing other TEEs as well. The most noteworthy of this being a TEE based on virtual machines that use the encrypted memory features of AMD’s Epyc processors.

This new Confidential Computing feature in Azure will soon be made available via an early access program. The new feature will be available on both Windows and Linux operating systems with an SDK which will enable developers to write parts of their application within TEEs.

Ali Raza
Ali Raza
Ali Raza is a freelance journalist with extensive experience in marketing and management. He holds a master degree and actively writes about crybersecurity, cryptocurrencies, and technology in general. Raza is the co-founder of, too, a site dedicated to educating people on online privacy and spying.

More from author

Notify of
Inline Feedbacks
View all comments

Related posts


Latest posts

7 Best Work from Home Apps for Moms

Being a mom is a job in itself. Between taking care of the kids, keeping up with household chores, and trying to squeeze in...

Top 9 Ways Technology is Helping Global Trade

If you are in a global business, utilizing technology is a surefire way of growing your business and increasing your customer base. Today, you...

7 Ways Technology Is Going To Transform Lead Generation

 In the ever-growing world of digital marketing, the ability to generate quality leads remains the most important ROI driver. Both inbound and outbound lead...